Information governance hard to achieve, worth effort to protect data

A LegalTech panel encouraged organizations to work toward information governance to protect the privacy of sensitive data.

Information governance (IG) is nearly impossible to achieve, but is a goal worth pursuing to protect the privacy of sensitive data and ensure organizations can meet discovery requests, according to a panel at the LegalTech show in New York.

To create a legally defensible IG strategy, companies must understand where information resides as well as who has the data, how to get at it and how quickly legal can get at it during discovery.

Allan Hsu, director of eDiscovery/ligitation at Fannie Mae, warned against treating all data the same. “It creates unneeded complexity and will likely cause non-compliance among your employees,” he said, noting that it's important to create workable solutions for protecting information. He pointed to BYOD as an example where employees use personal devices to store and move corporate information. “You could put them in a container but it's not efficient,” he said, raising the specter of personal privacy issues. “Can you really collect someone's personal device. It's like going into their house and looking through their drawers.”

He urged organizations to bring all content stakeholders on board, including business units to inform an IG strategy and “know where potential leak points are.”

The panelists said working with IT is critical, but legal applying a stronger hand than it has done in the past. “IT is overhead, IT always trying to find ways to cut costs,” said Hsu.

The panelists admitted that legal departments often don't consult with IT before picking a third-party vendor. But that needs to change.

Third parties should be closely scrutinized to see what they're doing to secure their networks as well as the data that is being sent to them.

“Take ownership as much as possible,” said Hsu. “If a breach occurs it's your responsibility. Your company is in the headlines.”

He said that organizations should prepare themselves for incidents. “Create a solution that is easy and actually gives you some [measure] of security,” said Hsu. “Educate employees. Have a detailed playbook laid out. Establish proper chain of communications.”

While the IG ideal may not be reachable, Sitter said companies can develop a strategy to harness their information by identifying “a couple of critical subsets” and once strategies are developed for those “use it as template.”

Techscape is SC Media’s content marketing platform. Industry experts share their views in the following categories

Partner Content is sponsored content brought to you by a vendor

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.